Cyber attacks cost UK businesses £18 billion in lost revenue and £16 billion in increased IT spending per year as a result of breaches. And the issue is widespread, 81 percent of UK businesses reported a breach in 2014. Register today for this free webcast to find out more as we discuss..

Following the outstanding success of our 2015 event, SC Congress is returning to London on 10 February 2016. Join hundreds of your information security colleagues to hear the latest news and analysis and to experience the latest solutions in cyber-security. Register today for free.

Targeted attack tied to Tibet leads to malicious Android app download

A spear-phishing attack that installs a malicious Android application has been detected by Kaspersky Lab.

According to research by Kaspersky Lab experts Costin Raiu, Kurt Baumgartner and Denis Maslennikov, targeted messages were sent to activists and human rights advocates after the email account of a high-profile Tibetan activist was hacked.

The messages that were sent, included an APK attachment, and a malicious program for Android, which downloaded "WUC's Conference.apk" that Kaspersky Lab believed to be deliberately related to the World Uyghur Conference and said the attachment was a letter on behalf of the organisers. The conference took place earlier this month in Geneva.

If a recipient opens the attachment, it displays a letter while malware secretly reports the infection to a command-and-control (C&C) server and sends out data including: contacts (stored both on the phone and the SIM card); call logs; SMS messages; geolocation data; and phone data (phone number, OS version, phone model, SDK version).

Kaspersky Lab said that despite there being hundreds, if not thousands, of targeted attacks against Tibetan and Uyghur supporters, the vast majority of these target Windows machines through Word documents exploiting known vulnerabilities such as CVE-2012-0158, CVE-2010-3333 and CVE-2009-3129.

“In this case, the attackers hacked a Tibetan activist's account and used it to attack Uyghur activists. It indicates perhaps an interesting trend that is exploiting the trust relationships between the two communities,” the researchers said.

“The current attack took advantage of the compromise of a high-profile Tibetan activist. It is perhaps the first in a new wave of targeted attacks aimed at Android users. So far, the attackers relied entirely on social engineering to infect the targets. History has shown us that, in time, these attacks will use zero-day vulnerabilities, exploits or a combination of techniques.”

SC Magazine arms information security professionals with the in-depth, unbiased business and technical information they need to tackle the countless security challenges they face and establish risk management and compliance postures that underpin overall business strategies.